Long gone are the days when malware used to be a slight nuisance for most organizations.
Not taking the malware threat seriously can result in significant financial and reputational loss as evidenced by the frequent media reports on highly successful cyber breaches that have targeted many large, well-known organizations.
Although a breach can simply be the result of a software vulnerability (known or unknown) in the infrastructure of an organization, almost all cyber breaches today involve malicious software (i.e., malware) as an important component of the attack. That is, malware is typically used to leak sensitive data from the organization (e.g., credit card information and social security numbers) and to perform unauthorized operations such as sending spam and intercepting and modifying financial transactions.
So how can you protect yourself from cyber breaches and the malware that causes them? Is there any hope that you can cope with the ever-evolving threat, or will the attackers always be one step ahead of the defenders?
The honest answer is that there is no silver bullet in cybersecurity. No single solution can guarantee perfect detection of all breaches. Rather, an effective breach defense strategy will include the ability to block, preferably automatically, as many breach attempts as possible, plus the ability to detect a successful breach as quickly as possible to limit the impact. In the modern cybersecurity world, the old folk wisdom that one can block most “hacking” attempts with the right technology does not hold anymore.
The correct strategy needs to be built around the mindset that the attackers might eventually succeed, and that with the right tools, the breach can be detected early, the extent of it can be controlled, and the attack can be stopped before a lot of damage is inflicted.
I have learned that this strategy includes two critical success factors: dynamic analysis that uses behavior, not signatures or hashes, as the primary determinant of whether something is malicious or benign; and continual reviews and upgrades of whatever security systems you have implemented. The criminals aren’t standing still, so neither can you.
Technology, of course, is only part of the equation. User education is critical in keeping cyber-criminals in check. A main reason why many cyberattacks still work today is that a lot of users fall for simple social engineering tricks. The user, hence, is still the weakest link when it comes to many malware infections. Therefore, a good breach detection and prevention strategy, in addition to the deployment of modern, innovative breach detection technologies, needs to include an educational component that involves the training of employees in order to raise their cybersecurity awareness.